Host-based backup of VMware vSphere VMs.
adam900331

Potential malware activity detected

Post by adam900331 »

Hi!

I have got a malware notification regarding one of the Linux VMs. The report is: Potential malware activity detected. Detection source: Encrypted data.

How can I identify why Veeam says there is encrypted data? Are there any logs?

I cannot use Scan backup on Linux backup...

Thanks.
david.domask
Veeam Software

Re: Potential malware activity detected

Post by david.domask »

Hi adam900331,

The Encrypted data alert would come from the Inline Scan feature of Malware detection -- do give the User Guide page a read to better understand how it works, but briefly, the backup data-stream is analyzed and checked for potential signs of encryption. Because it's analyzing the data blocks in flight, there isn't a 1:1 match of "This file looks suspiciously encrypted" as the block in the data-stream doesn't have such a relationship.

Start by checking the Malware Events section in general, but for the encryption alerts it's best to just do a scan on the flagged machine itself or see what processes are running. It is possible this is a false-positive, but it's best to check the machine itself.
David Domask | Product Management: Principal Analyst
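
One way to act on the advice above to check the flagged machine itself, as an added example that is not part of the original posts and is not Veeam's detection logic: run on the Linux guest, it ranks recently modified files by the Shannon entropy of their leading bytes. The 64 KiB sample size, the 7.5 bits/byte threshold and the 24-hour window are assumptions to tune; compressed archives and media files also score high, which is one source of false positives.

```python
import math
import os
import stat
import sys
import time
from collections import Counter

SAMPLE_BYTES = 64 * 1024   # assumption: inspect at most the first 64 KiB of each file
ENTROPY_THRESHOLD = 7.5    # assumption: bits per byte; random/encrypted data is close to 8
MIN_SIZE = 1024            # tiny files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def high_entropy_files(root, max_age_hours=24.0, threshold=ENTROPY_THRESHOLD, now=None):
    """Return [(entropy, path)] for regular files under root that were modified
    within max_age_hours and whose leading bytes look random, highest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                if st.st_mtime < cutoff or st.st_size < MIN_SIZE:
                    continue
                with open(path, "rb") as fh:
                    score = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # unreadable or vanished while scanning: skip it
            if score >= threshold:
                hits.append((round(score, 3), path))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Usage: python3 entropy_triage.py /home   (the script name is hypothetical)
    for score, path in high_entropy_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{score:5.3f}  {path}")
```

A burst of hits spread across ordinary user or application data directories deserves a closer look than a few hits that are all `.gz`, `.zip` or image files.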